Check out all the on-demand sessions from the Intelligent Security Summit here.

SpyCloud researchers recently reported that an overwhelming majority of cybersecurity leaders surveyed (81%)  believe their organization’s security is above average or exceptional. At the same time, 72% reported that their organization was affected by ransomware at least once within the past twelve months, with 18% reporting they were impacted more than six times in the past year. With regard to the frequency of attacks, SpyCloud’s report states that “Organizations of all sizes were affected nearly to the same extent, with the exception of those with more than 25,000 employees.”

In addition, only 18% of survey respondents believe a ransomware incident is not likely to happen at their organization within the next year, while 13% believe it’s very likely to happen at least once, and 22% believe it’s very likely to happen multiple times. Businesses’ confidence in their preparedness for ransomware is demonstrably misplaced.

Bar graph. Title: Riskiest points of entry for ransomware. Phishing emails with infected attachments/links is 3.44. Weak or exposed credentials is 3.22. Personal devices with network access is 3.28. Social engineering is 3.26. Unpatched vulnerabilities is 3.25. Open/vulnerable RDP ports is 3.23. And VPN connections / infrastructure is 3.18.

Above: SpyCloud’s 2021 Ransomware Defense Report survey respondents identified phishing emails with infected attachments and links as the riskiest ransomware attack vector, followed by weak or exposed credentials. Nevertheless, they reported a comparative lack of investment in tools aimed at closing these risky entry points.

Image Credit: SpyCloud

This gap between organizations’ perception of their “cyber maturity” and the reality of their vulnerability to ransomware attacks stems from a failure to invest in prevention. While respondents identified phishing emails and weak or stolen credentials as the riskiest ransomware attack vectors, many lacked basic password hygiene and prevention measures. For example, 41% lack a password complexity requirement, and only 55.6% have implemented multifactor authentication (MFA).

Business leaders are acutely aware of the dangers they face. Despite the rising costs of cybersecurity, organizations are prioritizing their investments in cybersecurity defenses more than ever before. The biggest hindrance is the lack of skilled security personnel, followed closely by low-security awareness among employees.


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

To combat the threat of ransomware, prevention and vigilance are key. While people may be organizations’ greatest source of vulnerability, they are also critical to closing the riskiest entry points for cybercriminals. Increasing security awareness, implementing protocols to improve password hygiene, and monitoring to detect exposed credentials and change them before criminals can use them to infiltrate corporate networks are basic preventative steps that all companies should take.

SpyCloud’s 2021 Ransomware Defense Report analyzes a survey of IT security professionals and executives from a cross-section of small, mid-market, and large enterprises regarding how they view the threat of ransomware attacks and the maturity of their cybersecurity defenses between August 2020 and August 2021.

Read the full report by SpyCloud.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.